CVE-2016-4480

NameCVE-2016-4480
DescriptionThe guest_walk_tables function in arch/x86/mm/guest_walk.c in Xen 4.6.x and earlier does not properly handle the Page Size (PS) page table entry bit at the L4 and L3 page table levels, which might allow local guest OS users to gain privileges via a crafted mapping of memory.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
ReferencesDLA-571-1, DSA-3633-1
NVD severityhigh (attack range: local)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
xen (PTS)jessie (security), jessie4.4.1-9+deb8u10fixed
buster, sid, stretch (security), stretch4.8.3+xsa267+shim4.10.1+xsa267-1+deb9u9fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
xensource(unstable)4.8.0~rc3-1high
xensourcejessie4.4.1-9+deb8u6highDSA-3633-1
xensourcewheezy4.1.6.lts1-1highDLA-571-1

Notes

http://xenbits.xen.org/xsa/advisory-176.html

Search for package or bug name: Reporting problems